A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

The vulnerability is caused due to an error in win32k.sys when processing the "GreEnableEUDC()" function. This can be exploited to overflow the "EntryContext" buffer specified in the "QueryTable" parameter to the "RtlQueryRegistryValues()" function via e.g. a specially crafted "SystemDefaultEUDCFont" registry value.

Successful exploitation allows execution of arbitrary code in the kernel.

The published proof-of-concept successfully bypasses the UAC security mechanism on Windows but the severity is somewhat reduced because a hacker must combine two security vulnerabilities (and exploits) to launch a successful attack.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.